Security Management Strategies for the CIORequires Free Membership to View
You may already know a bit about these product categories via your work in the data center, but understanding the network attack vectors and, most importantly, the way to isolate and remediate exposures and attacks, is a bit different. There are really two ways to get this kind of understanding.
First, you can learn in the school of hard knocks. That means you basically ask for a transfer to your company's security team and start at the bottom. You'll likely be configuring firewalls and NIPS boxes, troubleshooting VPN issues, and maybe even looking over some log data to try to spot an attack and defend against it.
The other way is to go take some training courses. I suggest reading a lot (some of SearchSecurity.com's Security Schools can certainly help provide an understanding of the vernacular) and also look into formal training, like that offered by organizations such as SANS and Security University. These courses offer a good base in introductory topics, which will start your journey with the right foundation.
I also suggest specializing fairly early in your education. A base of knowledge is essential, but then focusing on something like data center or server security could be a good choice, given your background already. There are hot topics like virtualization security that will require specialized knowledge in the future, and you are well-positioned to serve that need.
Other areas of potential specialization could include SOA security or Web application security, depending on what those Microsoft servers you were managing are actually doing.
For more information:
This was first published in December 2007
Join the conversationComment
Share
Comments
Results
Contribute to the conversation